Security overlay for distributed encrypted containers

Patzer, F.; Jakoby, A.; Kresken, Thomas; Müller, Wilmuth

SAM 2015, International Conference on Security and Management. Online resource: As part of WorldComp 2015; July 27-30, 2015, Las Vegas, Nevada, USA
Las Vegas/Nev., 2015
International Conference on Security and Management (SAM) <2015, Las Vegas/Nev.>
World Congress in Computer Science, Computer Engineering, and Applied Computing (WorldComp) <2015, Las Vegas/Nev.>
Conference paper, electronic publication
Fraunhofer IOSB
security architecture; secure cloud storage; mobile security; information security management; secure distributed storage; NAT

Storage services offer great potential for time- and location-independent access to information, particularly in combination with smart mobile devices. Combined with corporate and local storage, those services can be a powerful extension of the storage available in enterprise or governmental environments. In contrast, common secure storage strategies like encrypted partitions or disks are static and remotely inaccessible, but are comfortable to use in a local scenario. However, storing sensitive data on public servers is not an option, because an unauthorized third party could access it. Generally, security policies like corporate compliance rules prohibit those services explicitly. Thus, sensitive data has to be encrypted to allow its storage on public servers. The paper at hand describes a security overlay that uses a trusted environment to build a distributed virtual encrypted container supporting OTFE (on-the-fly encryption). For this purpose, an easily extendable security overlay is introduced in which each file or data set is encrypted independently. The overlay provides a hierarchical key structure, which controls access to uploaded data hierarchically and at the same time maps the data structure. Additionally, the directory structures and the metadata are protected against unauthorized access. Therefore, the presented concept enables the creation of a deniable distributed file system that allows an implementation to make strong security promises. The trusted environment can be provided by a device called CyphWay®, which has been developed at the Fraunhofer IOSB and was presented at ICCWS 2014. The device guarantees that cryptographic keys are only available within a Hardware Security Module. Thus, the whole key structure and the keys themselves are protected even against the user devices, which is important with regard to potentially insecure mobile platforms.
Unlike several encrypted container solutions, the presented system allows encrypted data to be distributed over a large number of different publicly available storage services, such as cloud storage. In addition, it is possible to combine those storages with private or corporate storage.